Tracing and attributing while protecting privacy

ALCASAR allows people in charge of organization to meet access and use policies of Internet consultation networks requirements. In France, it allows to respect legal obligations to trace and attribute connections.

These requirements consist in authenticating users of the consultation network when they decide to connect to the Internet and to produce, for each of them, traces of all actions carried out (surfing, downloading, watching or listening of multimedia, mail, discussion, blog, secure connections, etc.). ALCASAR produces these logs in files that can be easily archived on external media in order to be exploited within the context of a judicial inquiry. Within the framework of the cyber-surveillance and to meet requirements of the CNIL (French ICO), the generation of these logs is associated to the following mechanisms in order to ensure non-repudiation and to guarantee privacy :

User authentication flows are encrypted. Users can change their password at any time. These passwords are stored encrypted in the internal database.
Log files can be encrypted. These precautions allow to prevent accusations from another user or administrator to have taken, exploited or modified these data ;

Direct consultation of Internet nominative activities is impossible. Indeed, traces of connections are intentionally scattered in many files whose domains are split (authentications for one thing and Internet activities for another). Imputation of connections is made possible after a work of aggregate on these files (this work is reserved for judicial authorities). The graphical management interface of ALCASAR only shows connections statistics and no nominative data related to activities realized on the Internet.;

Securing the consultation network

ALCASAR integrates a firewall and a web antivirus in order to protect network consultation equipments from direct external threats. Moreover, a specific module has been created in order to protect authenticated users from internal hacker's attempts trying to spoof their sessions.

Security updates of consultation equipments (antivirus and patches) are possible and can be automated through declared URL which can be directly reached with no prior authentication (trusted sites).

The portal

The security of the portal has been worked out like a bastion in order to resist to different kinds of threat :

using and securing of a recent and minimalist operating system (Mageia Linux) ;

protection of the portal against internal attacks (hardening and anti-bypass) ;

free softwares which constitute ALCASAR are known as hardened and secured ;